const { StatusCodes } = require('http-status-codes');
const AppError = require('../utils/appError');

module.exports = (req, res, next) => {
  try {
    // This is a simplified version - in real app you'd check user role from DB
    if (req.user.role !== 'admin') {
      throw new AppError(
        'You do not have permission to perform this action',
        StatusCodes.FORBIDDEN
      );
    }
    next();
  } catch (err) {
    next(err);
  }
};